camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From davscl...@apache.org
Subject [2/3] camel git commit: CAMEL-11269 - fix for URISupport and masking secrets
Date Sat, 13 May 2017 08:08:40 GMT
CAMEL-11269 - fix for URISupport and masking secrets


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/9b2d5aac
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/9b2d5aac
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/9b2d5aac

Branch: refs/heads/camel-2.19.x
Commit: 9b2d5aacaf0a73759e075434bfd9151fcd36fa12
Parents: f8a0579
Author: Paolo Antinori <pantinor@redhat.com>
Authored: Fri May 12 16:09:52 2017 +0200
Committer: Claus Ibsen <davsclaus@apache.org>
Committed: Sat May 13 10:04:59 2017 +0200

----------------------------------------------------------------------
 camel-core/src/main/java/org/apache/camel/util/URISupport.java | 2 +-
 .../src/test/java/org/apache/camel/util/URISupportTest.java    | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/9b2d5aac/camel-core/src/main/java/org/apache/camel/util/URISupport.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/URISupport.java b/camel-core/src/main/java/org/apache/camel/util/URISupport.java
index f8913bd..17f5935 100644
--- a/camel-core/src/main/java/org/apache/camel/util/URISupport.java
+++ b/camel-core/src/main/java/org/apache/camel/util/URISupport.java
@@ -41,7 +41,7 @@ public final class URISupport {
     // Match any key-value pair in the URI query string whose key contains
     // "passphrase" or "password" or secret key (case-insensitive).
     // First capture group is the key, second is the value.
-    private static final Pattern SECRETS = Pattern.compile("([?&][^=]*(?:passphrase|password|secretKey)[^=]*)=([^&]*)",
+    private static final Pattern SECRETS = Pattern.compile("([?&][^=]*(?:passphrase|password|secretKey)[^=]*)=(RAW\\(.*\\)|[^&]*)",
             Pattern.CASE_INSENSITIVE);
     
     // Match the user password in the URI as second capture group

http://git-wip-us.apache.org/repos/asf/camel/blob/9b2d5aac/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
----------------------------------------------------------------------
diff --git a/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java b/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
index 8317fb2..8e35c32 100644
--- a/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
+++ b/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
@@ -237,6 +237,12 @@ public class URISupportTest extends ContextTestSupport {
         assertEquals(expected, URISupport.sanitizeUri(uri));
     }
 
+    public void testSanitizeUriRawUnsafePassword() {
+        String uri = "sftp://localhost/target?password=RAW(beforeAmp&afterAmp)&username=jrandom";
+        String expected = "sftp://localhost/target?password=xxxxxx&username=jrandom";
+        assertEquals(expected, URISupport.sanitizeUri(uri));
+    }
+
     public void testNormalizeEndpointUriWithUserInfoSpecialSign() throws Exception {
         String out1 = URISupport.normalizeUri("ftp://us%40r:t%st@localhost:21000/tmp3/camel?foo=us@r");
         assertEquals("ftp://us%40r:t%25st@localhost:21000/tmp3/camel?foo=us%40r", out1);


Mime
View raw message